Why SSL is not working for your website

When you browse to the https version of your domain, what appears in the address bar: a padlock or an ⓘ icon?

The padlock confirms that your website is secured by SSL, while the ⓘ icon means that:

the website has no SSL certificate, or

the SSL is not activated, or

the website contains some http content (a.k.a. ‘mixed content’)

While all Hetzner-hosted websites include a free, pre-installed SSL certificate, there are a few reasons why it may not be enabled or may not function correctly for your website:

Nameservers

Does your domain make use of our Hetzner name servers? A Whois lookup will show you what name servers are registered for your domain – if its not Hetzner’s name servers, then you need to make the following DNS changes via your domain host:

Website name is too long

Let’s Encrypt SSL is supported on website names (domains and sub-domains) of up to 64 characters. If your website name is over this length, then it is not possible to enable Let’s Encrypt SSL.

DNS Propagation

It can take up to 24 hours for the SSL version of a site to become available due to DNS propagation.

New websites are configured on servers immediately when ordered. Once DNS propagation has completed, these new websites will be reachable from anywhere on the internet. However, since SSL sites require certificates to be signed against a resolvable website, the SSL version of the website will only be available after DNS propagation has taken place and all of the above criteria have been satisfied.

Certificate generation will happen automatically for the domain with a certificate name of the domain and an additional subject alternative name using www.domain i.e.. example.com and www.example.com.

Once signed, the website configuration will take place for the ssl site as well as enabling it if no errors exist.

Customisations

Your site has a non-standard configuration. A customisation to the VirtualHost configuration for the website may have been requested, such as:

Duplicate certificates

If your domain includes many subdomains (e.g. alpha.example.com, bravo.example.com, charlie.example.com), the SSL activation may be rate limited.

Let’s Encrypt have a Duplicate Certificate limit of 5 certificates per week. A certificate is considered a duplicate of an earlier certificate if they contain the exact same set of hostnames, ignoring capitalization and ordering of hostnames. For instance, if you requested a certificate for the names [www.example.com, example.com], you could request four more certificates for[www.example.com, example.com] during the week.